teleport-15.1.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13782-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z teleport-15.1.6-1.1 on GA media These are all security issues fixed in the teleport-15.1.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13782 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-27303/ SUSE CVE CVE-2024-27303 page openSUSE Tumbleweed teleport-15.1.6-1.1 teleport-tbot-15.1.6-1.1 teleport-tctl-15.1.6-1.1 teleport-tsh-15.1.6-1.1 teleport-15.1.6-1.1 as a component of openSUSE Tumbleweed teleport-tbot-15.1.6-1.1 as a component of openSUSE Tumbleweed teleport-tctl-15.1.6-1.1 as a component of openSUSE Tumbleweed teleport-tsh-15.1.6-1.1 as a component of openSUSE Tumbleweed electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. CVE-2024-27303 openSUSE Tumbleweed:teleport-15.1.6-1.1 openSUSE Tumbleweed:teleport-tbot-15.1.6-1.1 openSUSE Tumbleweed:teleport-tctl-15.1.6-1.1 openSUSE Tumbleweed:teleport-tsh-15.1.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-27303.html CVE-2024-27303